Uber passengers need not worry as there was no evidence of fraud, while drivers whose license numbers had been stolen would be offered free identity theft protection and credit monitoring, Uber said. Part of the reason nothing malicious has happened is because Uber acknowledges paying the hackers $100,000 to destroy the stolen information. The Uber data breach was concealed by the company for more than a year, according to the report, thanks to efforts by the company's former CSO and another member of the infosec team. In the blog post addressing the data breach, Khosrowshahi said that outside forensics experts did not think that rider's locations, credit card numbers, bank accounts, and social security numbers had been taken.
Kalanick, who at the time was CEO, learned of the breach a month after it occurred.More news: Jude Law in Talks to Join Brie Larson in 'Captain Marvel'
Amy Spitalnick, spokeswoman for Attorney General Eric Schneiderman, confirmed the probe Wednesday, but would not comment further.
If you're a user of Uber, it's possible your personal information was hacked in 2016 without you even knowing.
But viewing this data breach cover up as an incident that only Uber could commit misses the writing on the wall.More news: Bomb blast kills worshippers in Adamawa mosque
Khosrowshahi said the company fired two individuals who led security response.
Khosrowshahi said in an emailed statement that Uber secured its systems and implemented new security measures after the attack.
"It doesn't appear that happened here", he said.
"We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers".More news: Lebanon's Hariri holds talks with Egypt President Sisi in Cairo
A spokesman from Uber said the company is in the process of notifying various regulatory and government authorities.